Embed Size (px)
Citation preview
Chess ReviewMay 11, 2005Berkeley, CA
Platform Modeling and Analysis
Presented byTivadar SzemethyISIS, Vanderbilt University
Review, May 11, 2005 2
Model-Based Design with Components
Design Modelcomponents interacting
according to a “Model of Computation”
Runtime Platformabstraction of
HW/SW/MW services
Platform
HW CPU
Network
HW CPU
Comp.
Comp.
Comp. Comp.
Comp.
Comp. Comp.
Component-Based System
System Synthesis:1. Map the design-time components into platform
objects2. Enforce interaction rules using platform services
Review, May 11, 2005 3
Analysis model for verification
• Verification:– does it satisfy requirements specification ?
• Need design requirements, in terms of– observable MoC events (mapped to Platform)– Platform quantities (resources)
Analysis necessitates Platform-level model
Behavior := System Model + Components + MoC semantics + Platform
properties
Review, May 11, 2005 4
Platform-level analysis model
• Purpose – formal verification (ideal)– simulation (at least)
• Language for analysis model:– SMV/SPIN model, Timed/Hybrid Automata…– Simulink…
• To be automatically constructed based on– MoC semantics (formal, well-defined)– Platform properties (?)
Review, May 11, 2005 5
Example: SMOLES -> UPPAAL 1.
• Application: Camera tracking an object
• Simple MOdeling Lang. for Embedded Sys.– Dataflow-oriented DSML in GME– Components, Ports, Triggers, Timers, Methods
• Platform: DataFlow Kernel– simple OO asynch. dataflow engine in C++/Java– SMOLES model interpreter generates code
• Analysis model: UPPAAL Timed Automata
Review, May 11, 2005 6
Example: SMOLES -> UPPAAL 2.
Review, May 11, 2005 7
Example: SMOLES -> UPPAAL 3.
KernelrunTimer1
runComponent1
g: (running == kernel &&Timer1Clk > Period1 &&Timer1OutBuff.avaliable())u: Timer1Clk.reset()u: Timer1OutBuf++
.
.
.g: (running == kernel &&
UComp1.Methodm.Triggert)u: running:=Comp1
schedule
g: running == kernel
g: (running == kernel &&
not(UCompn.Methodm.Triggert) &&
not(UTimernClk>Periodn)u: IdleClk.reset()
inv: IdleClk
<IdlePeriod
idle
g: IdleClk >= IdlePeriod
Idle
.
.
.
Method1
g: (running == me &&trigger1 == true)u: input_token_cnt--
inv: (clk < WCET)
g: (clk >= BCET)u: output_token_cnt++, running:=Kernel
Componenti
Methodn
Review, May 11, 2005 8
Example: SMOLES -> UPPAAL 4.
Translation rulesetinput: SMOLES modeloutput: UPPAAL TAimplicit: DFK “internals”
Platform-level modelone TA per componentone TA for KernelTranslation using
graph transformations
GReAT graph rewriting tool (GME add-on)
Review, May 11, 2005 9
Lessons learned
UPPAAL analysis model too restrictiveno preemptive
schedulingonly for timing analysisno higher-level structures
“Intermediate format”e.g. IF or Metropolishigher-level languageprovides mapping to
multiple analysis tools
DFK model was implicit in transformation:complex, monolithic
transformation spec.
Platform model as1) “Skeleton” for
1) Components2) Kernel
2) Rules to construct synchronizers/guards
3) Composition
results published in:
“Platform Modeling and Model Transformations for Analysis”in Journal of Universal Computer Science vol. 10, pp. 1383-1407, 2004
Review, May 11, 2005 10
Generating the analysis model
Well-definedtoolchain
The DSML → IF transformation needs to “know”:• DSML → Platform mapping• Platform → IF mapping• Platform interaction rules
Review, May 11, 2005 11
Generating the transformation
Well-definedtoolchain
Encoded in the transformation:• DSML to Platform mapping• Platform to IF (“expansion”)• Platform interaction rules
Transformation generator:
1. rewrite the (DSML→Platform)mapping to (DSML → IF)
2. model composition rules(through Kernel entity, defined in the PM)
Review, May 11, 2005 12
The “Big Picture”
Meta-level “operational”
level
Review, May 11, 2005 13
Preliminary results
• Formalizing the Platform– GME metamodel for DFK– SMOLES → DFK transformation specified as
graph transformation in GReAT
• In search of an Intermediate Format– Evaluating VERIMAG’s IF framework
(metamodel, simple translators and examples)
• Started working on modeling– Giotto with E-machine
